0

I'm trying to figure out how to do this and I need help PLEASE!!

I am currently running 2 websites with nginx, one as a reverse proxy (running on port 8080) and one regular with 443 and 8083. I need to be able to connect to an API running on the website locally. Something like "www.domain.com/api/v2"

The problem is, my website forces https and www in order for some things to work, so I can't just host a local server and connect to it with http://192.168.1.99:8083, because it redirects to https://www.192.168.1.99:8083 and doesn't work. Is there any way to add an exception or anything to this? Or to connect to domain.com through the local pc? Here is my config, please help me out

server {
    listen 80;
    listen [::]:80;
    server_name www.satiresmp.ca satiresmp.cat;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    keepalive_timeout 70;

        server_name www.satiresmp.ca satiresmp.ca;
        ssl_certificate /etc/letsencrypt/live/www.satiresmp.ca/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.satiresmp.ca/privkey.pem;
        root /var/www/satiresmp.ca;

    index index.php index.html;
    http2_push_preload on;

    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options nosniff;

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { allow all; log_not_found off; access_log off; }
    location ~ /\. { deny all; }
    location ~* /(?:uploads|files)/.*\.php$ { deny all; }
    location / { try_files $uri $uri/ /index.php?route=$uri&$args; }
    location ~*  \.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|svg|ttf|woff2)$ { expires 365d; log_not_found off; }
    location ~ ^/\.user\.ini { deny all; }
    location ~ /\.ht { deny all; }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html { root /usr/share/nginx/html; }

    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        include fastcgi_params;
        include snippets/fastcgi-php.conf;
    }
}

I tried using a reverse proxy, I tried running a seperate web server, I tried just turning off force https and www but that broke some things with my website software (that's not an option), I reinstalled certifications so many times that I actually got rate limited for satiresmp.ca so I had to do www.satiresmp.ca

Satire
  • 3
  • 2
  • What is the result of `curl -i --location http://192.168.1.99:8083`? Is this redirected to https? I think your browser might redirect automatically. – Andromeda Mar 21 '23 at 21:55
  • curl: (6) Could not resolve host: www.192.168.1.99 I don't want to turn off force https, I want to be able to connect using my domain, or add an exception for force www. in my .htaccess file for when I access it using localhost, so it doesn't force redirect to www.192.168.1.99:8083. Basically I wanna force www and https for anyone that isn't the computer it's running on – Satire Mar 22 '23 at 00:22

1 Answers1

0

This is what is causing that:

add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;";

It forces the browser to always redirect to https.

You could disable it, or add a second server block for when you dont need it.

Alberto B
  • 18
  • 3
  • I don't want to turn off force https, I want to be able to connect using my domain, or add an exception for force www. in my .htaccess file for when I access it using localhost, so it doesn't force redirect to www.192.168.1.99:8083. Basically I wanna force www and https for anyone that isn't the computer it's running on – Satire Mar 22 '23 at 00:18